Correctly escape aggregated journal notes_id

[ci skip]
pull/7267/head
Oliver Günther 6 years ago
parent 3007361e87
commit a358d45e5f
No known key found for this signature in database
GPG Key ID: A3A8BDAD7C0C552C
  1. 2
      app/models/journal/aggregated_journal.rb

@ -56,7 +56,7 @@ class Journal::AggregatedJournal
# Therefore we have to provide the notes_id to the aggregation on top of it being used # Therefore we have to provide the notes_id to the aggregation on top of it being used
# in the where clause to pick the desired AggregatedJournal. # in the where clause to pick the desired AggregatedJournal.
raw_journal = query_aggregated_journals(journal_id: notes_id) raw_journal = query_aggregated_journals(journal_id: notes_id)
.where("#{table_name}.id = #{notes_id}") .where("#{table_name}.id = ?", notes_id)
.first .first
raw_journal ? Journal::AggregatedJournal.new(raw_journal) : nil raw_journal ? Journal::AggregatedJournal.new(raw_journal) : nil

Loading…
Cancel
Save